common

package
v2.0.11+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 17, 2020 License: GPL-3.0 Imports: 38 Imported by: 285

Documentation

Index

Constants

View Source
const RFC3339Milli = "2006-01-02T15:04:05.000Z07:00"

Variables

This section is empty.

Functions

func Compress

func Compress(data []byte) []byte

Compress returns zlib compressed data

func Contains

func Contains(list []string, target string) bool

Contains is a helper function that returns true if the target string is in the list.

func ContainsAny added in v1.0.5

func ContainsAny(list, targets []string) bool

ContainsAny returns true if any string in targets is present in the list.

func ContainsInt added in v1.0.5

func ContainsInt(list []int, target int) bool

ContainsInt returns true if the target int is in the list.

func ContainsWildcard added in v1.0.6

func ContainsWildcard(patterns []string, target string) bool

ContainsWildcard returns true if target matches any of the patterns. Patterns may contain the '*' wildcard.

func CopyBuffer

func CopyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err error)

CopyBuffer calls io.CopyBuffer, masking out any src.WriteTo or dst.ReadFrom to force use of the specified buf.

func CopyNBuffer added in v1.0.9

func CopyNBuffer(dst io.Writer, src io.Reader, n int64, buf []byte) (written int64, err error)

func Decompress

func Decompress(data []byte) ([]byte, error)

Decompress returns zlib decompressed data

func DoFileMigration

func DoFileMigration(migration FileMigration) error

DoFileMigration performs the specified file move operation. An error will be returned and the operation will not performed if: a file is expected, but a directory is found; a directory is expected, but a file is found; or a file, or directory, already exists at the target path of the move operation.

func FileExists

func FileExists(filePath string) bool

FileExists returns true if a file, or directory, exists at the given path.

func FormatByteCount added in v1.0.5

func FormatByteCount(bytes uint64) string

FormatByteCount returns a string representation of the specified byte count in conventional, human-readable format.

func GenerateAuthenticatedDataPackageKeys

func GenerateAuthenticatedDataPackageKeys() (string, string, error)

GenerateAuthenticatedDataPackageKeys generates a key pair be used to sign and verify AuthenticatedDataPackages.

func GenerateWebServerCertificate added in v1.0.7

func GenerateWebServerCertificate(commonName string) (string, string, error)

GenerateWebServerCertificate creates a self-signed web server certificate, using the specified host name (commonName). This is primarily intended for use by MeekServer to generate on-the-fly, self-signed TLS certificates for fronted HTTPS mode. In this case, the nature of the certificate is non-circumvention; it only has to be acceptable to the front CDN making connections to meek. The same certificates are used for unfronted HTTPS meek. In this case, the certificates may be a fingerprint used to detect Psiphon servers or traffic. TODO: more effort to mitigate fingerprinting these certificates.

In addition, GenerateWebServerCertificate is used by GenerateConfig to create Psiphon web server certificates for test/example configurations. If these Psiphon web server certificates are used in production, the same caveats about fingerprints apply.

func GetCurrentTimestamp

func GetCurrentTimestamp() string

GetCurrentTimestamp returns the current time in UTC as an RFC 3339 formatted string.

func GetInterfaceIPAddresses added in v1.0.5

func GetInterfaceIPAddresses(interfaceName string) (net.IP, net.IP, error)

GetInterfaceIPAddresses takes an interface name, such as "eth0", and returns the first IPv4 and IPv6 addresses associated with it. Either of the IPv4 or IPv6 address may be nil. If neither type of address is found, an error is returned.

func GetRoutableInterfaceIPAddresses

func GetRoutableInterfaceIPAddresses() (net.IP, net.IP, error)

GetRoutableInterfaceIPAddresses returns GetInterfaceIPAddresses values for the first non-loopback, non-point-to-point network interface on the host that has an IP address.

func GetStringSlice added in v1.0.5

func GetStringSlice(value interface{}) ([]string, bool)

GetStringSlice converts an interface{} which is of type []interace{}, and with the type of each element a string, to []string.

func IPAddressFromAddr

func IPAddressFromAddr(addr net.Addr) string

IPAddressFromAddr is a helper which extracts an IP address from a net.Addr or returns "" if there is no IP address.

func MakeSecureRandomBytes

func MakeSecureRandomBytes(length int) ([]byte, error)

MakeSecureRandomBytes is a helper function that wraps crypto/rand.Read.

func NewAuthenticatedDataPackageReader added in v1.0.5

func NewAuthenticatedDataPackageReader(
	dataPackage io.ReadSeeker, signingPublicKey string) (io.Reader, error)

NewAuthenticatedDataPackageReader extracts and verifies authenticated data from an AuthenticatedDataPackage stored in the specified file. The package must have been signed with the given key. NewAuthenticatedDataPackageReader does not load the entire package nor the entire data into memory. It streams the package while verifying, and returns an io.Reader that the caller may use to stream the authenticated data payload.

func PortFromAddr

func PortFromAddr(addr net.Addr) int

PortFromAddr is a helper which extracts a port number from a net.Addr or returns 0 if there is no port number.

func ReadAuthenticatedDataPackage

func ReadAuthenticatedDataPackage(
	dataPackage []byte, isCompressed bool, signingPublicKey string) (string, error)

ReadAuthenticatedDataPackage extracts and verifies authenticated data from an AuthenticatedDataPackage. The package must have been signed with the given key.

Set isCompressed to false to read packages that are not compressed.

func TerminateHTTPConnection added in v1.0.6

func TerminateHTTPConnection(
	responseWriter http.ResponseWriter, request *http.Request)

TerminateHTTPConnection sends a 404 response to a client and also closes the persistent connection.

func TruncateTimestampToHour

func TruncateTimestampToHour(timestamp string) string

TruncateTimestampToHour truncates an RFC 3339 formatted string to hour granularity. If the input is not a valid format, the result is "".

func WriteAuthenticatedDataPackage

func WriteAuthenticatedDataPackage(
	data string, signingPublicKey, signingPrivateKey string) ([]byte, error)

WriteAuthenticatedDataPackage creates an AuthenticatedDataPackage containing the specified data and signed by the given key. The output conforms with the legacy format here: https://bitbucket.org/psiphon/psiphon-circumvention-system/src/c25d080f6827b141fe637050ce0d5bd0ae2e9db5/Automation/psi_ops_crypto_tools.py

func WriteRuntimeProfiles added in v1.0.9

func WriteRuntimeProfiles(
	logger Logger,
	outputDirectory string,
	filenameSuffix string,
	blockSampleDurationSeconds int,
	cpuSampleDurationSeconds int)

WriteRuntimeProfiles writes Go runtime profile information to a set of files in the specified output directory. The profiles include "heap", "goroutine", and other selected profiles from: https://golang.org/pkg/runtime/pprof/#Profile.

The SampleDurationSeconds inputs determine how long to wait and sample profiles that require active sampling. When set to 0, these profiles are skipped.

Types

type APIParameterLogFieldFormatter added in v1.0.5

type APIParameterLogFieldFormatter func(GeoIPData, APIParameters) LogFields

APIParameterLogFieldFormatter is a function that returns formatted LogFields containing the given GeoIPData and APIParameters.

type APIParameterValidator added in v1.0.5

type APIParameterValidator func(APIParameters) error

APIParameterValidator is a function that validates API parameters for a particular request or context.

type APIParameters added in v1.0.5

type APIParameters map[string]interface{}

APIParameters is a set of API parameter values, typically received from a Psiphon client and used/logged by the Psiphon server. The values are of varying types: strings, ints, arrays, structs, etc.

type ActivityMonitoredConn

type ActivityMonitoredConn struct {
	net.Conn
	// contains filtered or unexported fields
}

ActivityMonitoredConn wraps a net.Conn, adding logic to deal with events triggered by I/O activity.

When an inactivity timeout is specified, the network I/O will timeout after the specified period of read inactivity. Optionally, for the purpose of inactivity only, ActivityMonitoredConn will also consider the connection active when data is written to it.

When a LRUConnsEntry is specified, then the LRU entry is promoted on either a successful read or write.

When an ActivityUpdater is set, then its UpdateActivity method is called on each read and write with the number of bytes transferred. The durationNanoseconds, which is the time since the last read, is reported only on reads.

func NewActivityMonitoredConn

func NewActivityMonitoredConn(
	conn net.Conn,
	inactivityTimeout time.Duration,
	activeOnWrite bool,
	activityUpdater ActivityUpdater,
	lruEntry *LRUConnsEntry) (*ActivityMonitoredConn, error)

NewActivityMonitoredConn creates a new ActivityMonitoredConn.

func (*ActivityMonitoredConn) GetActiveDuration

func (conn *ActivityMonitoredConn) GetActiveDuration() time.Duration

GetActiveDuration returns the time elapsed between the initialization of the ActivityMonitoredConn and the last Read. Only reads are used for this calculation since writes may succeed locally due to buffering.

func (*ActivityMonitoredConn) GetLastActivityMonotime

func (conn *ActivityMonitoredConn) GetLastActivityMonotime() monotime.Time

GetLastActivityMonotime returns the arbitrary monotonic time of the last Read.

func (*ActivityMonitoredConn) GetStartTime

func (conn *ActivityMonitoredConn) GetStartTime() time.Time

GetStartTime gets the time when the ActivityMonitoredConn was initialized. Reported time is UTC.

func (*ActivityMonitoredConn) IsClosed

func (conn *ActivityMonitoredConn) IsClosed() bool

IsClosed implements the Closer iterface. The return value indicates whether the underlying conn has been closed.

func (*ActivityMonitoredConn) Read

func (conn *ActivityMonitoredConn) Read(buffer []byte) (int, error)

func (*ActivityMonitoredConn) Write

func (conn *ActivityMonitoredConn) Write(buffer []byte) (int, error)

type ActivityUpdater

type ActivityUpdater interface {
	UpdateProgress(bytesRead, bytesWritten int64, durationNanoseconds int64)
}

ActivityUpdater defines an interface for receiving updates for ActivityMonitoredConn activity. Values passed to UpdateProgress are bytes transferred and conn duration since the previous UpdateProgress.

type AuthenticatedDataPackage

type AuthenticatedDataPackage struct {
	Data                   string `json:"data"`
	SigningPublicKeyDigest []byte `json:"signingPublicKeyDigest"`
	Signature              []byte `json:"signature"`
}

AuthenticatedDataPackage is a JSON record containing some Psiphon data payload, such as list of Psiphon server entries. As it may be downloaded from various sources, it is digitally signed so that the data may be authenticated.

type CloseWriter

type CloseWriter interface {
	CloseWrite() error
}

CloseWriter defines the interface to a type, typically a net.TCPConn, that implements CloseWrite.

type Closer

type Closer interface {
	IsClosed() bool
}

Closer defines the interface to a type, typically a net.Conn, that can be closed.

type Conns

type Conns struct {
	// contains filtered or unexported fields
}

Conns is a synchronized list of Conns that is used to coordinate interrupting a set of goroutines establishing connections, or close a set of open connections, etc. Once the list is closed, no more items may be added to the list (unless it is reset).

func NewConns added in v1.0.9

func NewConns() *Conns

NewConns initializes a new Conns.

func (*Conns) Add

func (conns *Conns) Add(conn net.Conn) bool

func (*Conns) CloseAll

func (conns *Conns) CloseAll()

func (*Conns) Remove

func (conns *Conns) Remove(conn net.Conn)

func (*Conns) Reset

func (conns *Conns) Reset()

type FileMigration

type FileMigration struct {

	// OldPath is the current location of the file.
	OldPath string

	// NewPath is the location that the file should be moved to.
	NewPath string

	// IsDir should be set to true if the file is a directory.
	IsDir bool
}

FileMigration represents the action of moving a file, or directory, to a new location.

type GeoIPData added in v1.0.5

type GeoIPData struct {
	Country        string
	City           string
	ISP            string
	ASN            string
	ASO            string
	DiscoveryValue int
}

GeoIPData is type-compatible with psiphon/server.GeoIPData.

type IrregularIndicator

type IrregularIndicator interface {
	IrregularTunnelError() error
}

IrregularIndicator defines the interface for a type, typically a net.Conn, that detects and reports irregular conditions during initial network connection establishment.

type LRUConns

type LRUConns struct {
	// contains filtered or unexported fields
}

LRUConns is a concurrency-safe list of net.Conns ordered by recent activity. Its purpose is to facilitate closing the oldest connection in a set of connections.

New connections added are referenced by a LRUConnsEntry, which is used to Touch() active connections, which promotes them to the front of the order and to Remove() connections that are no longer LRU candidates.

CloseOldest() will remove the oldest connection from the list and call net.Conn.Close() on the connection.

After an entry has been removed, LRUConnsEntry Touch() and Remove() will have no effect.

func NewLRUConns

func NewLRUConns() *LRUConns

NewLRUConns initializes a new LRUConns.

func (*LRUConns) Add

func (conns *LRUConns) Add(conn net.Conn) *LRUConnsEntry

Add inserts a net.Conn as the freshest connection in a LRUConns and returns an LRUConnsEntry to be used to freshen the connection or remove the connection from the LRU list.

func (*LRUConns) CloseOldest

func (conns *LRUConns) CloseOldest()

CloseOldest closes the oldest connection in a LRUConns. It calls net.Conn.Close() on the connection.

type LRUConnsEntry

type LRUConnsEntry struct {
	// contains filtered or unexported fields
}

LRUConnsEntry is an entry in a LRUConns list.

func (*LRUConnsEntry) Remove

func (entry *LRUConnsEntry) Remove()

Remove deletes the connection referenced by the LRUConnsEntry from the associated LRUConns. Has no effect if the entry was not initialized or previously removed.

func (*LRUConnsEntry) Touch

func (entry *LRUConnsEntry) Touch()

Touch promotes the connection referenced by the LRUConnsEntry to the front of the associated LRUConns. Has no effect if the entry was not initialized or previously removed.

type LogFields added in v1.0.5

type LogFields map[string]interface{}

LogFields is type-compatible with psiphon/server.LogFields and logrus.LogFields.

type LogTrace

type LogTrace interface {
	Debug(args ...interface{})
	Info(args ...interface{})
	Warning(args ...interface{})
	Error(args ...interface{})
}

LogTrace is interface-compatible with the return values from psiphon/server.TraceLogger.WitTrace/WithTraceFields.

type Logger added in v1.0.5

type Logger interface {
	WithTrace() LogTrace
	WithTraceFields(fields LogFields) LogTrace
	LogMetric(metric string, fields LogFields)
}

Logger exposes a logging interface that's compatible with psiphon/server.TraceLogger. This interface allows packages to implement logging that will integrate with psiphon/server without importing that package. Other implementations of Logger may also be provided.

type MetricsSource added in v1.0.9

type MetricsSource interface {

	// GetMetrics returns a LogFields populated with
	// metrics from the MetricsSource
	GetMetrics() LogFields
}

MetricsSource is an object that provides metrics to be logged

type NetDialer added in v1.0.9

type NetDialer interface {
	Dial(network, address string) (net.Conn, error)
	DialContext(ctx context.Context, network, address string) (net.Conn, error)
}

NetDialer mimicks the net.Dialer interface.

type RateLimits

type RateLimits struct {

	// ReadUnthrottledBytes specifies the number of bytes to
	// read, approximately, before starting rate limiting.
	ReadUnthrottledBytes int64

	// ReadBytesPerSecond specifies a rate limit for read
	// data transfer. The default, 0, is no limit.
	ReadBytesPerSecond int64

	// WriteUnthrottledBytes specifies the number of bytes to
	// write, approximately, before starting rate limiting.
	WriteUnthrottledBytes int64

	// WriteBytesPerSecond specifies a rate limit for write
	// data transfer. The default, 0, is no limit.
	WriteBytesPerSecond int64

	// CloseAfterExhausted indicates that the underlying
	// net.Conn should be closed once either the read or
	// write unthrottled bytes have been exhausted. In this
	// case, throttling is never applied.
	CloseAfterExhausted bool
}

RateLimits specify the rate limits for a ThrottledConn.

type ReloadableFile

type ReloadableFile struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

ReloadableFile is a file-backed Reloader. This type is intended to be embedded in other types that add the actual reloadable data structures.

ReloadableFile has a multi-reader mutex for synchronization. Its Reload() function will obtain a write lock before reloading the data structures. The actual reloading action is to be provided via the reloadAction callback, which receives the content of reloaded files, along with file modification time, and must process the new data (for example, unmarshall the contents into data structures). All read access to the data structures should be guarded by RLocks on the ReloadableFile mutex.

reloadAction must ensure that data structures revert to their previous state when a reload fails.

func NewReloadableFile

func NewReloadableFile(
	filename string,
	loadFileContent bool,
	reloadAction func([]byte, time.Time) error) ReloadableFile

NewReloadableFile initializes a new ReloadableFile.

When loadFileContent is true, the file content is loaded and passed to reloadAction; otherwise, reloadAction receives a nil argument and is responsible for loading the file. The latter option allows for cases where the file contents must be streamed, memory mapped, etc.

func (*ReloadableFile) LogDescription

func (reloadable *ReloadableFile) LogDescription() string

func (*ReloadableFile) Reload

func (reloadable *ReloadableFile) Reload() (bool, error)

Reload checks if the underlying file has changed and, when changed, invokes the reloadAction callback which should reload the in-memory data structures.

In some case (e.g., traffic rules and OSL), there are penalties associated with proceeding with reload, so care is taken to not invoke the reload action unless the contents have changed.

The file content is loaded and a checksum is taken to determine whether it has changed. Neither file size (may not change when content changes) nor modified date (may change when identical file is repaved) is a sufficient indicator.

All data structure readers should be blocked by the ReloadableFile mutex.

Reload must not be called from multiple concurrent goroutines.

func (*ReloadableFile) WillReload

func (reloadable *ReloadableFile) WillReload() bool

WillReload indicates whether the ReloadableFile is capable of reloading.

type Reloader

type Reloader interface {

	// Reload reloads the data object. Reload returns a flag indicating if the
	// reloadable target has changed and reloaded or remains unchanged. By
	// convention, when reloading fails the Reloader should revert to its previous
	// in-memory state.
	Reload() (bool, error)

	// WillReload indicates if the data object is capable of reloading.
	WillReload() bool

	// LogDescription returns a description to be used for logging
	// events related to the Reloader.
	LogDescription() string
}

Reloader represents a read-only, in-memory reloadable data object. For example, a JSON data file that is loaded into memory and accessed for read-only lookups; and from time to time may be reloaded from the same file, updating the memory copy.

type SubnetLookup

type SubnetLookup []net.IPNet

SubnetLookup provides an efficient lookup for individual IPv4 addresses within a list of subnets.

func NewSubnetLookup

func NewSubnetLookup(CIDRs []string) (SubnetLookup, error)

NewSubnetLookup creates a SubnetLookup from a list of subnet CIDRs.

func NewSubnetLookupFromRoutes

func NewSubnetLookupFromRoutes(routesData []byte) (SubnetLookup, error)

NewSubnetLookupFromRoutes creates a SubnetLookup from text routes data. The input format is expected to be text lines where each line is, e.g., "1.2.3.0\t255.255.255.0\n"

func (SubnetLookup) ContainsIPAddress

func (lookup SubnetLookup) ContainsIPAddress(addr net.IP) bool

ContainsIPAddress performs a binary search on the sorted subnet list to find a network containing the candidate IP address.

func (SubnetLookup) Len

func (lookup SubnetLookup) Len() int

Len implements Sort.Interface

func (SubnetLookup) Less

func (lookup SubnetLookup) Less(i, j int) bool

Less implements Sort.Interface

func (SubnetLookup) Swap

func (lookup SubnetLookup) Swap(i, j int)

Swap implements Sort.Interface

type ThrottledConn

type ThrottledConn struct {
	net.Conn
	// contains filtered or unexported fields
}

ThrottledConn wraps a net.Conn with read and write rate limiters. Rates are specified as bytes per second. Optional unlimited byte counts allow for a number of bytes to read or write before applying rate limiting. Specify limit values of 0 to set no rate limit (unlimited counts are ignored in this case). The underlying rate limiter uses the token bucket algorithm to calculate delay times for read and write operations.

func NewThrottledConn

func NewThrottledConn(conn net.Conn, limits RateLimits) *ThrottledConn

NewThrottledConn initializes a new ThrottledConn.

func (*ThrottledConn) Close

func (conn *ThrottledConn) Close() error

func (*ThrottledConn) Read

func (conn *ThrottledConn) Read(buffer []byte) (int, error)

func (*ThrottledConn) SetLimits

func (conn *ThrottledConn) SetLimits(limits RateLimits)

SetLimits modifies the rate limits of an existing ThrottledConn. It is safe to call SetLimits while other goroutines are calling Read/Write. This function will not block, and the new rate limits will be applied within Read/Write, but not necessarily until some further I/O at previous rates.

func (*ThrottledConn) Write

func (conn *ThrottledConn) Write(buffer []byte) (int, error)

Directories

Path Synopsis
Package accesscontrol implements an access control authorization scheme based on digital signatures.
Package accesscontrol implements an access control authorization scheme based on digital signatures.
crypto
internal/subtle
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
nacl/secretbox
Package secretbox encrypts and authenticates small messages.
Package secretbox encrypts and authenticates small messages.
ssh
Package ssh implements an SSH client and server.
Package ssh implements an SSH client and server.
ssh/agent
Package agent implements the ssh-agent protocol, and provides both a client and a server.
Package agent implements the ssh-agent protocol, and provides both a client and a server.
ssh/knownhosts
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
ssh/terminal
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
ssh/test
Package test contains integration tests for the github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh package.
Package test contains integration tests for the github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/ssh package.
Package errors provides error wrapping helpers that add inline, single frame stack trace information to error messages.
Package errors provides error wrapping helpers that add inline, single frame stack trace information to error messages.
osl
Package osl implements the Obfuscated Server List (OSL) mechanism.
Package osl implements the Obfuscated Server List (OSL) mechanism.
Package parameters implements dynamic, concurrency-safe parameters that determine Psiphon client behavior.
Package parameters implements dynamic, concurrency-safe parameters that determine Psiphon client behavior.
Package prng implements a seeded, unbiased PRNG that is suitable for use cases including obfuscation, network jitter, load balancing.
Package prng implements a seeded, unbiased PRNG that is suitable for use cases including obfuscation, network jitter, load balancing.
Package quic wraps github.com/lucas-clemente/quic-go with net.Listener and net.Conn types that provide a drop-in replacement for net.TCPConn.
Package quic wraps github.com/lucas-clemente/quic-go with net.Listener and net.Conn types that provide a drop-in replacement for net.TCPConn.
Package sss implements Shamir's Secret Sharing algorithm over GF(2^8).
Package sss implements Shamir's Secret Sharing algorithm over GF(2^8).
Package stacktrace provides helpers for handling stack trace information.
Package stacktrace provides helpers for handling stack trace information.
Package tactics provides dynamic Psiphon client configuration based on GeoIP attributes, API parameters, and speed test data.
Package tactics provides dynamic Psiphon client configuration based on GeoIP attributes, API parameters, and speed test data.
Package tun is an IP packet tunnel server and client.
Package tun is an IP packet tunnel server and client.
Package values provides a mechanism for specifying and selecting dynamic values employed by the Psiphon client and server.
Package values provides a mechanism for specifying and selecting dynamic values employed by the Psiphon client and server.
Package wildcard implements a very simple wildcard matcher which supports only the term '*', which matches any sequence of characters.
Package wildcard implements a very simple wildcard matcher which supports only the term '*', which matches any sequence of characters.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL